CVE-2023-6350
Gentoo Linux Security Advisory 202402-14
Public Exploits: 1
Exploited in Wild: -
Descriptions
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
An update that fixes 6 vulnerabilities is now available. This update for Chromium fixes the following issue.
Chromium 119.0.6045.199:
- Type Confusion in Spellcheck
- Use after free in Mojo
- Use after free in WebAudio
- Out of bounds memory access in libavif
- Use after free in libavif
- Integer overflow in Skia
- Various fixes from internal audits, fuzzing and other initiatives
Timeline
- 2023-11-28 CVE Reserved
- 2023-11-29 CVE Published
- 2024-10-17 First Exploit
- 2025-02-13 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
References (7)
URL | Date | SRC |
---|---|---|
https://github.com/dywsy21/CVE-2023-6350_Reproduction | 2024-10-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Google | Chrome | < 119.0.6045.199 | - | Affected |
Debian | Debian Linux | 11.0 | - | Affected |
Debian | Debian Linux | 12.0 | - | Affected |
Fedoraproject | Fedora | 38 | - | Affected |
Fedoraproject | Fedora | 39 | - | Affected |